PT-2026-42362
Summary: A vulnerability in the Kong Ingress Controller (KIC) allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...
CVE-2025-46122
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint /admin/cmdstat.jsp passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC...
CVE-2024-25002
Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device...
CVE-2024-25002
CVE-2024-25002 relates to a command injection in the Bosch Network Synchronizer diagnostics interface. The vulnerability allows unauthorized users to execute commands, potentially attaining full access to the device. Connected sources indicate affected versions are prior to 9.30, but exact vulner...
PT-2024-20692 · Bosch · Bosch Network Synchronizer
Name of the Vulnerable Software and Affected Versions: Bosch Network Synchronizer (affected versions not specified). Description: Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device. Recommendations: At the moment, ther...
PT-2022-3473 · Bosch · Bosch PRA-ES8P2S
Name of the Vulnerable Software and Affected Versions: Bosch PRA-ES8P2S versions 1.01.05 and earlier. Description: The issue is related to insufficient input validation in the diagnostics web interface of the Bosch PRA-ES8P2S Ethernet switch. This allows a remote attacker to execute arbitrary...
CVE-2018-16221
The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remote attacker to get access to privileged information (e.g., /etc/passwd) via path traversal (relative path...